Thursday, October 20, 2011

Uh, uh? faking or caching MySQL PHP results - Ulf Wendel

Unfortunately, MySQL Proxy was not a good source of inspiration today. MySQL Proxy can do many wonderful things, all of which you can also do with C-based mysqlnd plugins, but not with PECL/mysqlnd_uh. PECL/mysqlnd_uh lets you write "plugins" in PHP. Given my desire to demo the power of mysqlnd plugins using PHP examples at the upcoming webinar Succeed with Plugins, I had to extend PECL/mysqlnd_uh to allow result set manipulation. Five brand new lines of magic.

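    class __mysqlnd_result extends MysqlndUhResult {
      // Called by mysqlnd to read all rows of a result set into $rows.
      public function fetchInto($res, &$rows, $flags, $extension) {
        // Discard the server's rows and hand back a fabricated one.
        $rows = array("Your mysqlnd has been hacked!");
      }
    }
    // Install the proxy: from now on every result set goes through it.
    mysqlnd_uh_set_result_proxy(new __mysqlnd_result());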

The new, as yet undocumented and untested, built-in class MysqlndUhResult maps to mysqlnd's internal result class, which is responsible for fetching the data of a result set. It consists of some 20 methods. To get started, I've exported MysqlndUhResult::fetchInto, which is supposed to read the data of all rows of a result set into the rows variable passed to it by reference. To fake a result set, one assigns an array to that variable. Note that only the data is manipulated, not the metadata.

    $mysqli = new mysqli("localhost", "root", "", "test");
    $res = $mysqli->query("SELECT 'Enjoy your weekend!' FROM DUAL");
    var_dump($res->fetch_assoc());


    nixnutz@linux-fuxh:~/php/php-src/branches/PHP_5_4> sapi/cli/php fake.php
    array(1) {
      [0]=>
      string(29) "Your mysqlnd has been hacked!"
    }

A typical use case for injecting or manipulating a result is a cache. Please do not start developing a cache using PECL/mysqlnd_uh. We have already done that for you in C. Check out PECL/mysqlnd_qc.
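Because an installed result proxy changes what every query in the process returns, without the application code noticing, it is useful to be able to tell whether one is in play. The following is an added example, not code from the original post or from PECL/mysqlnd_uh: it reports whether the extension is loaded and which user-defined classes extend its proxy base classes. The function name `audit_mysqlnd_uh` is hypothetical, the code assumes proxies are written as subclasses as shown above, and it sticks to PHP 5.3 syntax.

```php
<?php
// Added example: report whether PECL/mysqlnd_uh is active in this PHP
// process and which user-defined classes extend its proxy base classes.
// audit_mysqlnd_uh() is a hypothetical helper name, not an extension API.
function audit_mysqlnd_uh()
{
    $report = array(
        'extension_loaded' => extension_loaded('mysqlnd_uh'),
        // ini_get() returns false when the directive is unknown.
        'ini_enable'       => ini_get('mysqlnd_uh.enable'),
        'proxy_classes'    => array(),
    );

    // MysqlndUhResult is the class from this post; MysqlndUhConnection is
    // the connection proxy base class of the same extension.
    $bases = array();
    foreach (array('MysqlndUhConnection', 'MysqlndUhResult') as $name) {
        if (class_exists($name, false)) {
            $bases[] = $name;
        }
    }

    foreach (get_declared_classes() as $class) {
        $ref = new ReflectionClass($class);
        if (!$ref->isUserDefined()) {
            continue; // built-in classes cannot be userland proxies
        }
        foreach ($bases as $base) {
            if ($ref->isSubclassOf($base)) {
                $report['proxy_classes'][] = array(
                    'class' => $class,
                    'base'  => $base,
                    'file'  => $ref->getFileName(),
                    'line'  => $ref->getStartLine(),
                );
            }
        }
    }
    return $report;
}

// Run at shutdown so classes pulled in by includes and autoloaders
// during the request are already declared.
function log_mysqlnd_uh_audit()
{
    $r = audit_mysqlnd_uh();
    if ($r['extension_loaded'] || count($r['proxy_classes']) > 0) {
        error_log('mysqlnd_uh audit: ' . json_encode($r));
    }
}
register_shutdown_function('log_mysqlnd_uh_audit');
```

A declared subclass only shows that a proxy could be installed; the script does not observe the `mysqlnd_uh_set_result_proxy()` call itself.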

Happy hacking!

@Ulf_Wendel

Source: http://blog.ulf-wendel.de/2011/uh-uh-faking-or-caching-mysql-php-results/
